<?php
/**
 * Script used to update the staff comment of one employee about one project.
 * If the employee has written a comment on the project before, update the
 * comment. Else, insert a new row in the database.
 */

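// Start the session handling system
session_start();

// Connect to the database. db.php is expected to define $db; the calls below
// (prepare / execute with a parameter array) match the PDO API.
// NOTE(review): confirm $db is a PDO handle.
require_once ("../../../db.php");

// Only allow this for employees. Both session keys must exist, and the type
// is compared strictly so a non-string value cannot loosely equal 'employee'.
if (!isset($_SESSION['uid'], $_SESSION['type']) || $_SESSION['type'] !== 'employee') {
    die('Not logged in as an employee user');
}

// NOTE(review): this endpoint changes state using only the session cookie as
// proof of intent; no anti-CSRF token is checked anywhere in this script.
// NOTE(review): nothing here verifies that this employee may comment on the
// given project; confirm whether that is enforced elsewhere.

// Validate the request parameters before they get anywhere near the query.
// pid must be an integer; comm must be a plain string (array-style POST
// fields such as comm[]=x are rejected).
$pid  = isset($_POST['pid']) ? filter_var($_POST['pid'], FILTER_VALIDATE_INT) : false;
$comm = (isset($_POST['comm']) && is_string($_POST['comm'])) ? $_POST['comm'] : null;

if ($pid === false || $comm === null) {
    echo json_encode(array('error' => 'Missing or invalid pid/comm parameter.'));
    exit;
}

// Every value is bound through a placeholder. The original concatenated
// $_POST['pid'] and $_POST['comm'] straight into the SQL text, which let the
// request body rewrite the statement (SQL injection).
// The comment is stored as submitted; it must be HTML-escaped wherever it is
// later rendered.
$sql = 'INSERT INTO staffcomments
        VALUES (?, ?, ?, "")
        ON DUPLICATE KEY UPDATE
          comment = ?';

try {
    $sth = $db->prepare($sql);
    // The comment is bound twice: once for the insert, once for the update.
    $ok = $sth && $sth->execute(array($_SESSION['uid'], $pid, $comm, $comm));
} catch (Exception $e) {
    // Do not leak driver or SQL details to the client.
    $ok = false;
}

// An INSERT produces no result set, so the original fetchAll() check could
// never report success; the outcome of execute() is used instead.
// NOTE(review): confirm the success payload shape the client expects.
if ($ok) {
    echo json_encode(array('success' => true));
} else {
    echo json_encode(array('error' => 'Unable to update the comment.'));
}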
?>
